What is a Hash Length Extension Attack? This is what I aimed to answer with talk. It goes into as much detail as is required to understand the concept. The talk was presented at OWASP at Shopify as well as at Nokia.

NodeJS Security Best Practices is a talk that I have done at OWASP Ottawa, OWASP Kanata and OttawaJS. It is intended to be digestible and impactful for both entry level and seasoned NodeJS developers as well as the wider security community. The talk includes justifications and examples for why it is important to do some of the practices where the reasoning may not be obvious (such as setting HTTP headers to prevent clickjacking).